Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Unauthenticated attackers can send configuration settings to device and possible perform physical... Moderate Unreviewed
CVE-2025-30512 was published Apr 16, 2025
ingress-nginx controller - configuration injection via unsanitized auth-url annotation High
CVE-2025-24514 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation High
CVE-2025-1097 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx controller - configuration injection via unsanitized mirror annotations High
CVE-2025-1098 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change... High Unreviewed
CVE-2025-0425 was published Feb 18, 2025
For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker... High Unreviewed
CVE-2024-11166 was published Jan 22, 2025
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality... Critical Unreviewed
CVE-2024-39788 was published Jan 14, 2025
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality... Critical Unreviewed
CVE-2024-39790 was published Jan 14, 2025
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality... Critical Unreviewed
CVE-2024-39789 was published Jan 14, 2025
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd... Critical Unreviewed
CVE-2024-39793 was published Jan 14, 2025
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd... Critical Unreviewed
CVE-2024-39794 was published Jan 14, 2025
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd... Critical Unreviewed
CVE-2024-39795 was published Jan 14, 2025
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup()... Critical Unreviewed
CVE-2024-39800 was published Jan 14, 2025
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup()... Critical Unreviewed
CVE-2024-39798 was published Jan 14, 2025
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup()... Critical Unreviewed
CVE-2024-39799 was published Jan 14, 2025
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of... Critical Unreviewed
CVE-2024-39280 was published Jan 14, 2025
An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink... Critical Unreviewed
CVE-2024-39602 was published Jan 14, 2025
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup()... Critical Unreviewed
CVE-2024-38666 was published Jan 14, 2025
Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability... High Unreviewed
CVE-2024-54097 was published Dec 12, 2024
Service Control vulnerabilities allow access to service restart requests and vm configuration... High Unreviewed
CVE-2024-51544 was published Dec 5, 2024
Information Disclosure vulnerabilities allow access to application configuration information. ... High Unreviewed
CVE-2024-51543 was published Dec 5, 2024
A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the... High Unreviewed
CVE-2024-50358 was published Nov 26, 2024
Flowise OverrideConfig security vulnerability High
GHSA-5cph-wvm9-45gj was published for flowise (npm) Nov 21, 2024
ryanhalliday
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database... High Unreviewed
CVE-2024-10979 was published Nov 14, 2024
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing Moderate
CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) Jul 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database